Verifying Termination of General Logic Programs 

with Concrete Queries 



Yi-Dong Shen* 

Department of Computer Science, Chongqing University, Chongqing 400044, China 
. Email: ydshen@cs.ualberta.ca 

O ■ Li-Yan Yuan and Jia-Huai You 

(N 

I Department of Computing Science, University of Alberta, Edmonton, Canada T6G 2H1 

I— J 
(N 



< 



Email: {yuan, you}@cs.ualberta.ca 



Abstract 

We introduce a method of verifying termination of logic programs with re- 
Yl ' spect to concrete queries (instead of abstract query patterns). A necessary 

and sufficient condition is established and an algorithm for automatic verifica- 
tion is developed. In contrast to existing query pattern-based approaches, our 
method has the following features: (1) It applies to all general logic programs 
^ _ with non-floundering queries. (2) It is very easy to automate because it does 

' not need to search for a level mapping or a model, nor does it need to compute 

O 



an interargument relation based on additional mode or type information. (3) 
. It bridges termination analysis with loop checking, the two problems that have 

been studied separately in the past despite their close technical relation with 
Q I each other. 

Keywords: Logic programming, termination analysis, loop checking, auto- 
^ ' matic verification. 

1 Introduction 

For a program in any computer language, in addition to having to be logically correct, 
it should be terminating. Due to the recursive nature of logic programming, however, 
a logic program may more likely be non-terminating than a procedural program. Ter- 
mination of logic programs then becomes one of the most important topics in logic 
programming research. Because the problem is extremely hard (undecidable in gen- 
eral), it has been considered as a never-ending story; see [12, 15] for a comprehensive 
survey. 

* Current corresponding address: Department of Computing Science, University of Alberta, Ed- 
monton, AB, Canada T6G 2H1. Email: ydshen@cs.ualberta.ca 
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The goal of termination analysis is to establish a characterization of termina- 
tion of a logic program and design algorithms for automatic verification. A lot of 
methods for termination analysis have been proposed in the last decade (e.g., see 
[1, 2, 6, 13, 15, 17, 19, 22, 30, 31, 43, 45]). A majority of these existing methods are 
the norm- or level mapping-based approaches, which consist of inferring mode/type in- 
formation, inferring norms/level mappings, inferring models/interargumcnt relations, 
and verifying some well-founded conditions (constraints). For example, UUman and 
Van Gelder [43] and Pliimer [30, 31] focused on establishing a decrease in term size of 
some recursive calls based on inter argument relations; Apt, Bezem and Pedreschi 
[1, 2]. and Bossi, Cocco and Fabris [6] provided characterizations of Prolog left- 
termination based on level mappings/norms and models; Verschaetse [46], Decorte, 
De Schreye and Fabris [16], and Martin, King and Sopcr [28] exploited inferring 
norms/level mappings from mode and type information; De Schreye and Verschaetse 
[13], Brodsky and Sagiv [7], and Lindenstrauss and Sagiv [23] discussed automatic in- 
ference of interargument/size relations; De Schreye, Verschaetse and Bruynooghe [14], 
and Mesnard [29] addressed automatic verification of the well-founded constraints. 
Very recently, Decorte, De Schreye and Vandecasteele [15] presented an elegant uni- 
fied termination analysis that integrates all the above components to produce a set 
of constraints that, when solved, yields a termination proof. 

It is easy to see that the above methods have among others the following features. 

1. They are compile-time approaches in the sense that they make termination 
analysis only relying on some static information about the structure (of the 
source code) of a logic program, such as modes/types, norms (i.e. term sizes 
of atoms of clauses) /level mappings, models/interargument relations, and the 
hke. 

2. They are suitable for termination analysis with respect to (abstract) query 
patterns [14]. A query pattern defines a class of concrete queries,^ such as 
ground queries, bounded queries, well-moded queries, etc. 

Our observation shows that some dynamic information about the structure of a 
concrete infinite SLDNF-derivation, such as repetition of selected subgoals and clauses 
and recursive increase in term size, plays a crucial role in characterizing the termi- 
nation. Such dynamic features are hard to capture unless we evaluate some related 
concrete queries. This suggests that methods of extracting and utilizing dynamic 
features for termination analysis should be exploited. 

Another observation comes from real programming practices. Consider the follow- 
ing situation: Given a logic program P and a query pattern Q, applying a termination 
analysis yields a conclusion that P is not terminating w.r.t. Q. In most cases, this 
means that there are a handful of concrete queries of the pattern Q evaluating which 

^The difference between an abstract query pattern and a concrete query is similar to that between 
a class and an object in object-oriented programming languages. 
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may lead to infinite SLDNF-derivations. In order to improve the program, users 
(programmers) most often want to figure out how the non-termination happens by 
posing a few typical concrete queries and evaluating them step by step while deter- 
mining which derivations would most likely extend to infinite ones. Such a debugging 
process is both quite time consuming and tricky. Doing it automatically is of great 
significance. Obviously, the above mentioned termination analysis techniques cannot 
help with such job. This suggests that methods of termination analysis for concrete 
queries should be developed. 

The above two observations motivated the research of this paper. In this paper, 
we introduce an effective method for termination analysis w.r.t. concrete queries. 
The basic idea is as follows: First, since non-termination is caused by an infinite 
(generalized) SLDNF-derivation, we directly make use of some essential structural 
characteristics of an infinite derivation (such as variants, expanded variants, etc.) 
to characterize the termination. Then, given a logic program and a set of concrete 
queries, we evaluate these queries while dynamically collecting and applying certain 
structural features to predict (based on the characterization) if we are on the track to 
an infinite derivation. Such a process of query evaluation is guaranteed to terminate 
by a necessary condition of an infinite derivation. Finally, we provide the user with 
either an answer Yes, meaning that the logic program is terminating w.r.t. the given 
set of queries, or a finite (generalized) SLDNF-derivation that would most likely lead 
to an infinite derivation. In the latter case, the user can improve the program following 
the guidance of the informative derivation. 

Although the termination problem is undecidable in general, our method works 
effectively for a vast majority of general logic programs with non-fioundering queries. 
In fact, the methodology used in this paper is partly borrowed from loop checking — 
another research topic in logic programming, which focuses on detecting and elimi- 
nating infinite loops in SLD-trees (e.g., see [3, 8, 26, 27, 35, 36, 37, 44, 48]). Therefore, 
our work bridges termination analysis with loop checking, the two problems which 
have been studied separately in the past despite their close technical relation with 
each other [12]. 

The plan of the paper is as follows. In Section 2, we introduce a notion of a 
generalized SLDNF-tree, which is the basis of our method. Roughly speaking, a gen- 
eralized SLDNF-tree is a set of SLDNF-trees augmented with an ancestor-descendant 
relation on their subgoals. In Section 3, we prove a necessary and sufficient condition 
for an infinite generalized SLDNF-derivation. In Section 4.1, we formally define the 
notion of termination, which is slightly different from that of De Schreye and Decorte 
[12]. In Section 4.2, we develop an algorithm for automatically verifying termination 
of a general logic program with concrete queries and prove its properties. We will use 
some representative logic programs to illustrate the effectiveness of the algorithm. 
In Section 5, we mention some related work on termination analysis and on loop 
checking. We end in Section 6 with some concluding remarks and further work. 
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1.1 Preliminary 



We present our notation and review some standard terminology of logic programs as 
described in [25]. 

Variables begin with a capital letter, and predicate, function and constant symbols 
with a lower case letter. Let A be an atom/function. The size of A, denoted \A\, is 
the count of function symbols, variables and constants in A. We use rel{A) to refer 
to the predicate/function symbol of A, and use A[i] to refer to the i-th argument of 
A, A[i][j] to refer to the j-th argument of the i-th argument, and so on. Let S' be a 
set or a list. Wc use l^l to denote the number of elements in 5*. 

Definition 1.1 Let A be an atom with the list [Xi, Xm] of distinct variables. By 
variable renaming on A we mean to substitute the variables of A with another list 
[li, Y^] of distinct variables. Two atoms A and B are said to be variants if after 
variable renaming (on A or B) they become the same. 

For instance, let A = p{a, X, Y, X) and B = p{a, Z, Y, Z). By substituting [X, Y] 
for [Z, Y] , B becomes the same as A, so A and B are variants. However, A and 
C = p{a, Z, Y, W) are not variants because there is no variable substitution that 
makes them the same. Note that any atom A is a variant of itself. 

Definition 1.2 A (general) logic program is a finite set of clauses of the form 
A <— Li, Ln 

where A is an atom and LjS are literals. A is called the head and Li, L„ is called 
the body of the clause. If a general logic program has no clause with negative literals 
in its body, it is called a positive program. 

Definition 1.3 A goal is a headless clause Li, L„ where each literal Lj is called 
a subgoal. Li,...,L„ is called a (concrete) query. When n — 0, the " symbol is 
omitted. 

The initial goal, Gq Li, L„, is called a top goal. Without loss of generality, 
we shall assume throughout the paper that a top goal consists only of one atom (i.e. 
n — 1 and Li is a positive literal). 

Definition 1.4 A control strategy consists of two rules: one rule for selecting one goal 
from among a set of goals, and one rule for selecting one subgoal from the selected 
goal. 

The second rule in a control strategy is usually called a selection or computation 
rule in the literature. Throughout the paper wc use a fixed depth-first, left-most 
control strategy (as in Prolog). So the selected subgoal in each goal is the left- most 
subgoal. 

Trees are commonly used to represent the search space of a top-down proof pro- 
cedure. For convenience, a node in such a tree is represented by Ni : Gi where Ni is 
the name of the node and Gi is a goal labeling the node. Assume no two nodes have 
the same name. Therefore, we can refer to nodes by their names. 
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2 Generalized SLDNF-Trees 



Non-termination of general logic programs results from infinite derivations. In order to 
characterize infinite derivations more precisely, in this section we extend the standard 
SLDNF-trees [25] to include some new features. 

To characterize an infinite derivation we need first to define the ancestor-descendant 
relation on its selected subgoals. Informally, A is an ancestor subgoal of B if the 
proof of A needs (or in other words goes via) the proof of B. For example, let 
M A, Ai, Am be a node in an SLDNF-tree, and Bi, Ai, A^ be 

a child node of M that is generated by resolving M on the subgoal A with a clause 
A ^ Bi, Bn- Then A at M is an ancestor subgoal of all BiS at A^. However, such 
relationship does not exist between A at M and any Aj at N. It is easily seen that 
all BiS ai N inherit the ancestor subgoals of A at M. 

The ancestor-descendant relation can be explicitly expressed using an ancestor list 
introduced in [36], which is a set of pairs {Node, Atom) where Node is the name of a 
node and Atom is the selected subgoal at Node. The ancestor list of a subgoal Lj is 
ALlj = {{Ni,Ai), {Nk,Ak)}, showing that Ai at node Ni, and Ak at node A''^ 
are all ancestor subgoals of Lj. For instance, in the above example, if the ancestor 
list of the subgoal A at node M is AL^ then the ancestor list of each B^ at node 
is ALb, = {{M,A)}uALa. 

Augmenting SLDNF-trees with ancestor lists leads to the following definition of 
SLDNF*-trees. 

Definition 2.1 (SLDNF*-trees) Let P be a general log ic program, Gq — < — Aq a 
top goal, and R a depth- first, left-most control strategy. The SLDNF* -tree for 
P U {Go} via R is defined as follows. 

1. The root node is Nq : Go with the ancestor list ALaq = {} ior Aq. 

2. Let Ni Li, Lm be a node in the tree selected by P. If m = then N is 
a success leaf, marked by Otherwise, we distinguish between the following 
two cases. 

(a) If Li is a positive literal, then for each clause B <— Bi, Bn such that Li 
and B are unifiable, N has a child node 

Ns (-Bi, Bn, L2, Lni)9 
where 6 is an mgu (i.e. most general unifier) of Li and B, the ancestor list 
for each B^O is ALb^o — {{N^, Li)} U ALl^, and the ancestor fist for each 
LkO is ALij^e = ALl^. If there exists no clause whose head can unify with 
Li then A^j has a single child node — a failure leaf, marked by 

(b) If Li — -^A is a ground negative literal, then build a partial SLDNF*-tree 
T^A for P U A\ via R where A inherits the ancestor list of Li, until 
the first success leaf is generated. If T^a has a success leaf then N^ has 
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a single child node — a failure leaf, □/. Otherwise, if all branches of T^a 
end with a failure leaf then Ni has a single child node 



Ng L2, Ljji 
where all inherit the ancestor lists of at node Ni. 



Note that in this paper we do not discuss floundering — a situation where a 
non-ground negative subgoal is selected by R (see [9, 18, 24, 32] for discussion on 
such topic). In contrast to SLDNF-trees, an SLDNF*-tree has the following two new 
features. 

1. An ancestor list ALlj is attached to each subgoal Lj. In particular, subgoals 
of a subsidiary SLTNF*-tree T^a built for solving a subgoal Li = -^A inherit 
the ancestor hst of Li (see item 2b). This is especially useful in identifying 
infinite derivations across SLTNF*-trees (see Example 2.1). Note that a negative 
subgoal will never be an ancestor subgoal. 

2. To handle a ground negative subgoal Li = -lA, only a partial subsidiary 
SLTNF*-tree T^a is generated by stopping at the first success leaf (see item 2b). 
The reason for this is that it is totally unnecessary to exhaust the remaining 
branches of T^a because they would have no new answer for A. This can not 
only improve the efficiency of query evaluation, but also avoid some possible 
infinite derivations (see Example 2.2). In fact, Prolog achieves this by using 
cuts to skip the remaining branches of T^a (e.g. see SICStus Prolog [21]). 

For convenience, we use dotted edges "• • •>" to connect parent and child SLDNF*- 
trees, so that infinite derivations across SLDNF*-trees can be clearly identified. More- 
over, we refer to Tc,,, the top SLDNF*-tree, along with all its descendant SLDNF*- 
trees as a generalized SLDNF-tree for P U {Go}, denoted GTcq- Therefore, a path 
of a generalized SLDNF-tree may come across several SLDNF*-trees through dotted 
edges. Any such a path starting at the root node A^o ■ Gq is called a generalized 
SLDNF-derivation. A generalized SLDNF-derivation is successful (resp. failed) if it 
ends at a success leaf (resp. at a failure leaf). 

Thus, there may occur two types of edges in a generalized SLDNF-tree, " — >" 
and " ■ ■ ■ For convenience, we use " to refer to either of them. We also 
use Ni : Gi ... N^. : Gk to represent a segment of a generalized SLDNF- 
derivation, which generates Nk : Gk from Ni : Gi by applying the set of clauses 
{Ci, ...Cm}- Moreover, for any node Ni : Gi we use Lj to refer to the selected (i.e. 
left- most) subgoal in Gj. 

Example 2.1 Let Pi be a general logic program and Go a top goal, given by 



Pi: 
Go: 



p{X)^^p{f{X)). 
^p{a). 



G, 



'pi 
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No: ^p{a) 
Nv. ^-p(/(a)) m: ^Pifia)) 



^3: ^ -p(/(/(a))) ..... iV4: ^p(/(/(a))) 

I dpi 



00 



Figure 1: A generalized SLDNF-tree GT^p^^)- 

The generalized SLDNF-trcc G'T^p(a) for Pi U {Go} is shown in Figure 1, where 
00 represents an infinite extension. We see that GT^p(a) consists of one infinite 
generalized SLDNF-derivation. 

Example 2.2 Consider the following general logic program and top goal. 

q- Cg^ 
q^q. Cq^ 
Go: ^p. 

The generahzed SLDNF-tree GT^p for P2 U {Gq} is depicted in Figure 2 (a). For the 
purpose of comparison, the SLDNF-trees for P2 U p} are shown in Figure 2 (b). 
Note that Figure 2 (a) is finite, whereas Figure 2 (b) is not. 



No: 


iVo: f-p 


Ar2: ^ g 








Ni: ^ -.g 


iVi: ^ -.g 


N3: □* A^4: ^ q 








t 

N2: ^ q 




Ns: □* 00 








N3: □* 






(a) 




(b) 



Figure 2: A generalized SLDNF-tree GT^p (a) and its two corresponding SLDNF- 
trees (b). 



We now formally define the ancestor-descendant relation. 

Definition 2.2 Let Ni : Gi and A''^ : Gk be two nodes in a generalized SLDNF- 
derivation, and A and B be the selected subgoals in Gi and G^, respectively. We say 
that A is an ancestor subgoal of B, denoted A -<anc B, if A is in the ancestor list 
ALb of B. When A is an ancestor subgoal of B, we refer to S as a descendant subgoal 
of A, Ni as an ancestor node of N^, and N^ as a descendant node of ATj. 
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3 Characterizing an Infinite Generalized SLDNF- 
Derivation 



In this section we establish a necessary and sufficient condition for an infinite gener- 
afized SLDNF-derivation. 

In [37], a concept of expanded variants is introduced, which captures some key 
structural characteristics of certain subgoals in an infinite SLD-derivation. We observe 
that it applies to general logic programs as well. That is, infinite generalized SLDNF- 
derivations can be characterized based on expanded variants. 

Definition 3.1 Let A and A' be two atoms or functions. A' is said to be an expanded 
variant of A, denoted A' ^ev A, if after variable renaming on A' it becomes B that 
is the same as A except that there may be some terms at certain positions in A each 
74[i]...[A;] of which grows in B into a function i?[z]...[/c] = f{...,A[i]...[k],...). Such 
terms like 74[i]...[/c] in A are then called growing terms w.r.t. A'. 

As an illustration, let A = p{X, g{X)) and A' = p{Y, g(h{Y))). By renaming 
Y with X, A' becomes B = p{X, g{h{X))), which is the same as A except that 
i?[2][l] = /i(A[2][l]). Therefore, A' is an expanded variant of A with a growing term 
yl[2][l]. Here are a few more examples: p{X,Y) □gy p{Z,W), p{f{a)) ^ev p{ci), 
p{g{a),f{g{h{X))j) ^ev p{aJ{h{Y))), and p{[X,, X^, X^]) ^ev p{[Xi,X4) (note 
that [Xi,X2,Xs\ = [Xi\[X2,Xs\]). 

It is immediate from Definition 3.1 that variants are expanded variants with the 
same size. 

Theorem 3.1 Let D be an infinite generalized SLDNF-derivation without infinitely 
large subgoals. Then there are infinitely many goals Gg^^Gg^, ... in D such that for 
any j > 1, Lg. -<anc -^g^+i ^nd Lg. and L^^^^ are variants. 

Proof. Let D be of the form 

No-.Go^Ni-.Gi^ ... ^Nr.Gi^ TV^+i : G^+i ^ ... 

For each derivation step Ni : Gj -^j+i : Gj+i, where Lj is a positive subgoal and 
C = A^ Bi, ...Br, such that AO = LjO under an mgu 6, we do the following: 

1. If n = 0, which means L] is proved at this step, mark node with 

2. Otherwise, the proof of Lj needs the proof of Bj6 {j — 1, n). If all descendant 
nodes of Nj, in D have been marked with which means that all BjO have been 
proved at some steps in D, mark node Nj, with 

Note that the root node Nq will never be marked by for otherwise Go would 
have been proved and D should have ended at a success leaf. After the above marking 
process, let D become 
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No-.Go^ ... ^ N^, : G^, => ... Ni, : G,, ^ ... ^ Ni^ : Gi^ ^ ... 

where all nodes except Nq, Ni-^^, Ni^, A^j^,, ... are marked with Since we use the 
depth-first, left- most control strategy, for any j >0 the proof of Lj. needs the proof 
of Ll._^_^ (let io — 0), for otherwise N^. would have been marked with That is, L], 
is an ancestor subgoal of Lj.^^ . Moreover, D must contain an infinite number of such 
nodes because if A^j^ : Gj^ was the last one, which means that all nodes after Ni^^ were 
marked with ^, then Lj^ would be proved, so that A^i^, should be marked with a 
contradiction. 

The above proof shows that D has an infinite number of selected subgoals L]^ , , ... 
such that L\, -<anc ^j+i U ^ Since all subgoals in D are bounded in size, and 
any general logic program has only a finite number of clauses and predicate, function 
and constant symbols, there must be an infinite number of subgoals L^^ , L^^, ... among 
the Lj.s that are variants. This concludes the proof. 

Theorem 3.2 Let D be an infinite generalized SLDNF- derivation with infinitely large 
subgoals. Then there are infinitely many goals Gg^,Gg^, ... in D such that for any 
j > 1; L]. -<ANC L].^, and L].^^ L]. with \L].J > 

The following lemma is required to prove this theorem. 

Lemma 3.3 Let S = {Ci,...,C„} be a finite set of clauses. Let D be an infinite 
generalized SLDNF-derivation of the form 

No-.Go^ ...N,, : Gi, ^ ... ^ N,, : G,, ^ ... ^ N,, : G^, ^ ... 

where for any j > 1, {Q,, ...,Cj„^,} = 5", Lj. -<anc L\^+^, and L\^ is a variant of L\.^^ 
except for a few terms (at least one) at certain positions in L]^^^ that increase in size 
w.r.t. L]^. Then there are an infinite sequence of subgoals Lg^,Lg^... among the L\.s 
such that for any k>l, L]^^^ □gy L]^ with |L^^^J > \L]^\. 

Proof. Since L\,^^ being an expanded variant of L\, with l-^^^J > \L\\ is determined 
by those arguments of L\^ whose size increases w.r.t. L\^^^, for simplicity of presenta- 
tion wc ignore the remaining arguments of L\^ that arc variants of the corresponding 
ones in L\,^^. Since the Lj^.s arc generated by repeatedly applying the same set S of 
clauses, the increase in their term size must be made in a fixed, regular way (assume 
that our programs contain no built-in's such as assert{.) and retract{.)). In order to 
facilitate the analysis of such regular increase in term size, with no loss in generality, 
let each L\, be of the form piXTl, ...,T^J), which contains a single argument that is 



a list, such that the list of L] is derived from the list L = IT^ , ...,Ti, ] of L} via a 
DELETE- ADD-SHUFFLE process which consists of deleting the first < < rrij 
elements from L, then adding > n~ elements to the front of the remaining part of 
L, and finally shuffling the list of elements obtained (in a fixed way).^ 

Let X represent a sequence of elements, such as Xi,X2, ...iXjn- We distinguish 
tlio following two cases based on the ADD operation. 

^See Example 4.4 for an illustration. 
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1. The n'^ added elements are independent of the hst L of elements of L}.. Since 
the same set S of clauses is apphed, the set Ei of elements added to L}^ from 
L,-, must be the same as or a variant of the set added to L,-, from L,-„ that must 
be the same as or a variant of the set added to Lj^ from L,}, , and so on. Let 
E2 C {T^, T^^} be such that each T E E2 occurs in the derivation D infinite 
times. That is, no T E E2 will be removed by the DELETE operation. (But 
all T G {T^ , ...,T^^} — E2 will be deleted at some derivation steps in D by 
the DELETE operation.) Then there must be an infinite sequence Lj^jL^^, ... 
among the L^^.s such that for any > 1, all elements in come from Ei U E2 
(or its variant). Since Ei U E2 contains only a finite number of elements, no 
matter what shuffling approach is used, there must be an infinite sequence 
Lg^, L^g^... among the Lj^s such that for any k> 1, let L^^ = p([iS'i, .... (S^]), then 

after variable renaming L]^^^^ will become like p([Si, ...,SVJ) such that each Si 
is in 5";. Obviously, these S'/s in V- are growing terms w.r.t. L\ . That is, 
Ll '^Ev L\ with \Ll I > \Ll 1. 

2. Some of the n+ added elements depend on the list of Lj^. For simplicity of 
presentation and without loss of generality assume that from L}^ to L}^ only one 
added element, say of the form f{A\,g{Al)), depends on the list [T/,...,T^J 
of L]^. Let El be the set of elements added to L]^ that are independent of 
the list [T]^, T^J. That is, the set of added elements from L]^ to L]^ is 
El U {f{A\,g{Al))}. Let E ^ EiU {T^, T^}. Then E can be considered to 
be the domain of the two arguments ^4^, A2 in f[A\,g[Al)), i.e. A\,Al e E. 
Since all the Lj.s in the derivation D are generated recursively by applying the 
same set S of clauses, for any j > 1 from L}. to L}_^_^ the set of added elements 
should be Ei U {f{Aig{Ai))} where A^ Ai G E U {/{A^ g{A^))\k < j}. It is 
easy to sec that any element of L], with an infinitely large size must be of the 
form f{A^,g{A^)) where or A~ or both are of the form f{A^,g{A^)). 
We now consider the following two cases. 

(a) No L], in D contains elements with an infinitely large size. Let be the 
largest size of an element /(_, g{J)) in the Lj.s and let E2 = {f{A'l, g{A2))\k > 
1 such that \f{A'l,g{A^))\ < N}. Obviously E2 is finite. So the elements 
of any L], in D come from E U E2. Since E U E2 is finite, the number of 
the combinations of elements of EU E2 is finite. Since the Lj s in D grow 
towards an infinitely large size, some combinations must repeat in D infi- 
nite times. This suggests that no matter what shuffling approach is used, 
there must be an infinite sequence L^^, Lg^... among the Lj.s such that for 
any A; > 1, let = p([Si, Sn]), then after variable renaming Ll will 

become like p{[Si, Sn]) such that each 5"; is in 5^. These SiS in L^^ are 
growing terms w.r.t. L^^^, thus L^^^ Uev with > jL^J. 

(b) As J — > 00, some elements in L], grow towards an infinitely large size. Let 
T^'^^ be an element in the hst of Ll._^_^ that (as j — > 00) grows towards an 
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element with an infinitely large size. Then there must be an element 
in the list of L}^ that grows towards an element with an infinitely large 
size via T^'^^ (otherwise, T^'^^ would not grow towards an infinitely large 
element since we apply the same set S of clauses from Lj to Lj as from 
L\, to L\,^^). This means that T^^^ is the same as (or a variant of) or 
j'j+i — f[^A\, g{A2)) such that (or its variant) is in A\ or A2. Obviously 
T^'^^ is an expanded variant of TK Generalizing such argument, for each 
infinitely large element Ti° in the list of we have an infinite sequence 

T^l '~p2 rjij rpjJf-l rpoo 

1 , 1 , 1 , 1 I 

with each in the list of L}. such that grows towards via that 
grows towards Ti°° via T^, and so on. Obviously, for any /c > j > 1 T'^ is an 
expanded variant of T^. So in this case each is called a growing element 
w.r.t. T,°°. Note that if there are more than one element in some L} that 
grow towards via T^+^, such as in the case T^+^ = f{Ti,g{T^)) with 
T(,Ti in L}., only one of them is selected as the growing element w.r.t. 
Ti°° based on the following criterion: must be an expanded variant of 
T^"^. If still more than one element meet such criterion, select an arbitrary 
one. 

We now partition the list [T(, ...,T^^] of each Lj^ into two parts: the 
sublist GEij of growing elements and the sublist NGEi. of non-growing 
elements. That is, T e [Tf , ...,T^^.] is in GEi. if it is a growing element 
w.r.t. some 7]°°. Clearly, for each A; > j > 1 \GEi^\ > \GEi.\. Since for any 

•■•) Kn in GEi. there are m elements V^/, in GE^^ such that each VI 
is an expanded variant of V/, there must be an infinite sequence Lj-^, Lj^, ••• 
among the L\.s such that for any k > j > 1 GEj^, is an expanded variant 
of GEf.. That is, let GEf. = [Vi,...,V^], then after variable renaming 
GEf^ becomes [Vi, Kn] such that each Vi contains an element that is an 
expanded variant of Vi. 

Now consider the elements of L^^.s. Since all infinitely large elements 
have been covered by the growing elements, the size of any non-growing 
element is bounded by some constant, say N. Let E2 — {f{Af, g{A2))\k > 
1 such that \f{A^^,g{A^))\ < N}. So all non-growing elements of any Lj^ 
come from E VJ E2. Since £" U £'2 is finite and the sequence Lj-^, Lj.^, ... is 
infinite, some combinations of elements of EVJ E2 must occur in infinitely 
many L^^.s. This implies that no matter what shuffling approach is used, 
there must be an infinite sequence L^^, L}g^... among the L}f.s such that for 
any > 1, let L^^ =^([51,..., S'n]), then after variable renaming L}g^^^ will 
become like p([S'i, iS^]) such that each Si contains an element that is an 
expanded variant of Si. That is, L\ '^ev L\ with ILJ I > \L\,\. 

Proof of Theorem 3.2. By the proof of Theorem 3.1, D contains an infinite 
number of selected subgoals L\,L\,... such that -<anc -^j+i (j > 1)- Since any 
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logic program has only a finite number of clauses, there must be a set of clauses in 
the program that are invoked an infinite number of times in D. Let S — {Ci, C„} 
be the set of all different clauses that are used an infinite number of times in D. Then 
D can be depicted as 

N,:Go^ ..M, : ^ ... ^ iV, : ^i. ... ^ iV,3 : G., ^ ... 

where for any j > 1, Lj^ -<anc -^[,+1 {^in ^jn } — Since any logic program 
has only a finite number of predicate, function and constant symbols and D contains 
subgoals with infinitely large size, there must be an infinite sequence Lj-^, L^f^--- among 
the Lj.s such that for any Z > 1, Lj:^ is a variant of L\^^ except for a few terms in L^^^^ 
that increase in size. Hence by Lemma 3.3, there is an infinite sequence Lg^,Lg^... 
among the L^^s such that for any k>l L^g^_^^ ^ev -^g^ with |i^gj^_^J > l-^g^^l- 

Theorem 3.4 D is an infinite generalized SLDNF-derivation if and only if it is of 
the form 

No-.Go^ ...Ng, : Gg, ^ ... ^ Ng, : Gg, ^ ... ^ Ng, : ^ ... 

such that 

1. For any j > I, L]. ■<anc L].^^ and L].^^ ^ev L]^- 

2. For any j > 1 \L]^ \ = \L]^^_^\, or for any j > 1 |L^J < l^^g^^J. 

3. For any j > 1, the set of clauses used to derive L\j^^-^ from Lg. is the same as 
that of deriving L].^^ from L].^^, i.e. {Cj^, C^„.} = {C(j+i),, C(j+i)^.^J. 

Proof. {<=) Straightforward. 

(=^) By Theorems 3.1 and 3.2, D is of the form 

iVo : Go ^ ... ^ A^ii : G^, =^ ... =^ : G^^ ... 

where for any j > 1, Lj. -<anc -^i^+i ^^^^1 L\_,^^ ^ev Lj^. In particular, when all 
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Otherwise, by Theorem 3.2 for any j > 1 \Ll. \ < |I/|^.^J. 

Since any logic program has only a finite number of clauses, there must be a set 
S — {Gi, ...,Gn} of clauses in the program that are invoked an infinite number of 
times in D. This means that there exists an infinite sequence of subgoals L^^, L^^, ... 
among the s such that for any j > 1 L^g.^^ is derived from V^. by applying the set 
S of clauses. That is, D is of the form 

TVo : Go ^ ...A^,, : G,, 3i> ... ^ Ng, : G,, ^ ... ^ Ng, : Gg, ^ ... 
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such that the three conditions of this theorem hold. 

Theorem 3.4 is the principal result of this paper. It captures two crucial charac- 
teristics of an infinite generalized SLDNF-derivation: repetition of selected subgoals 
and clauses, and recursive increase in term size. Repetition leads to variants, whereas 
recursive increase introduces growing terms. It is the characterization of these key 
(dynamic) features that allows us to design a mechanism for automatically testing 
termination of general logic programs. 

4 Testing Termination of General Logic Programs 
4.1 Definition of Termination 

In [12], a generic definition of termination of logic programs is presented. 

Definition 4.1 Let P be a general logic program, Sq a set of queries and Sr a set 
of selection rules. P is terminating w.r.t. Sq and Sr if for each query Qi in Sq and 
for each selection rule Rj in 5"^, all SLDNF-trees for P U {■<— Qi} via Rj are finite. 

Observe that the above definition considers finite SLDNF-trees for termination. 
That is, if P is terminating w.r.t. Qi then all (complete) SLDNF-trees for PU{<— Qi} 
must be finite. This does not seem to apply to Prolog where there exist cases in 
which, although P is terminating w.r.t. Qi and Rj, some (complete) SLDNF-trees 
for P U Qi} are infinite. Example 2.2 gives such an illustration, where Prolog 
terminates with a positive answer. 

In view of the above observation, we present the following definition based on a 
generahzed SLDNF-tree. 

Definition 4.2 Let P be a general logic program, Sq a finite set of queries and R a 
fixed depth-first, left-most control strategy. P is terminating w.r.t. Sq and R if for 
each query Qi in Sq, the generalized SLDNF-tree for P U {<— Qi} via R is finite. 

The above definition implies that P is terminating w.r.t. Sq and it! if and only 
if there is no infinite generalized SLDNF-derivation in any generalized SLDNF-tree 
GT<_Q.. So the following result is immediate from Theorem 3.4. 

Theorem 4.1 P is terminating w.r.t. Sq and R if and only if for each query Qi in 
Sq there is no infinite generalized SLDNF-derivation in GT^q. of the form 

NO-.GO^ ...Ng, : Gg, ^ ... ^ Ng, : Gg, ^ ... ^ Ng, : Gg, ^ ... 

that meets the three conditions of Theorem 3.4. 
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4.2 An Algorithm for Automatically Testing Termination 

Theorem 4.1 provides a necessary and sufficient condition for termination of a general 
logic program. Obviously, such a condition cannot be directly used for automatic 
verification because it requires generating an infinite generalized SLDNF-derivation 
to see if the three conditions of Theorem 3.4 are satisfied. 

As we mentioned before, the three conditions of Theorem 3.4 capture two most im- 
portant structural features of an infinite generalized SLDNF-derivation. Therefore, 
wc may well use these conditions to predict possible infinite generalized SLDNF- 
dcrivations based on some finite generalized SLDNF-dcrivations. Although the pre- 
dictions may not always be guaranteed to be correct (since the termination problem 
is undecidable in general), it can be correct in a vast majority of cases. That is, if 
the three conditions of Theorem 3.4 are satisfied by some finite generalized SLDNF- 
derivation, the underlying general logic program is most likely non-terminating. This 
leads to the following definition. 

Definition 4.3 Let F be a general logic program, Sq a finite set of queries and R a 
depth-first, left- most control strategy. Let c? > 1 be a depth bound. P is said to be 
most-likely non-terminating w.r.t. Sq and R if for some query Qi in Sq, there is a 
generalized SLDNF-derivation of the form 



No :^ Qi ... : G., ^ ... ^ 
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such that 

1. For any j < d, L]^ ^anc L]^^^ and L].^^ ^ev L]^- 

2. For any j <d |L^.| = \L]^+^, or for any j <d \L]. \ < l^^.+J. 

3. For any j < d, the set of clauses used to derive L^g._^^ from L^g. is the same as 
that of deriving L^._^^^ from L^.^^, i.e. {Cj,, Cj^.} = C(j+i)„.^ J. 

Theorem 4.2 Let P , Sq and R he as defined in Definition 4-3. 

1. If P is not terminating w.r.t. Sq and R then it is most-likely non-terminating 
w.r.t. Sq and R. 

2. If P is not most-likely non-terminating w.r.t. Sq and R then it is terminating 
w.r.t. Sq and R. 

Proof: 1. If P is not terminating w.r.t. Sq and R, by Definition 4.2 for some query 
Qi e Sq there exists an infinite generahzed SLDNF-derivation in GT^q^. The result 
is then immediate from Theorem 3.4. 



14 



2. If P is not most-likely non-terminating w.r.t. Sq and it! and, on the contrary, 
it is not terminating w.r.t. Sq and R, then by the first part of this theorem we reach 
a contradiction. 

It is easily seen that the converse of the above theorem does not hold. The 
following algorithm is to determine most-likely non-termination. 

Algorithm 4.1 Testing termination of a general logic program. 

• Input: A general logic program P, a finite set of queries Sq = {Qi, ■■■,Qm}, 
and a depth-first, left- most control strategy R. 

• Output: Yes or a generalized SLDNF-derivation D. 

• Method: Apply the following procedure. 

procedure Test{P, Sq, R) 
begin 

1 For each query Qi E Sq, construct the full generalized SLDNF-tree 
GT^Q^ for P U {<— Qi} via R unless a generalized SLDNF-derivation 
D is encountered that meets the three conditions of Definition 4.3, 
in which case return D and stop the procedure; 

2 Return Yes 
end 

Theorem 4.3 Algorithm 4-i terminates. It returns Yes if and only if P is not most- 
likely non-terminating w.r.t. Sq and R. 

Proof: If for each query Qi G Sq the generalized SLDNF-tree GT^q^ for PU Qi} 
is finite, line 1 of Algorithm 4.1 will be completed in finite time, so that Algorithm 
4.1 will terminate in finite time. Otherwise, let all generalized SLDNF-trees GT^q. 
with i < m he finite and GT^q^^^ be infinite. Let D be the first infinite derivation 
in GT^Q^^^. By Theorem 3.4, D must be of the form 

Ao : Go ^ ...Ng, : Gg, ^ ... ^ A,, : Gg, ^ ... ^ Ng, : Gg, ^ ... 

such that the three conditions of Theorem 3.4 hold. Obviously, such an infinite 
derivation will be detected at the node A^^^^ : Gg^^^, thus Algorithm 4.1 will stop 
here. 

When Algorithm 4.1 ends with an answer Yes, all generalized SLDNF-trees for all 
queries in Sq must have been generated without encountering any derivation D that 
meets the three conditions of Definition 4.3. This shows that P is not most-likely 
non-terminating w.r.t. Sq and R. Conversely, if P is not most-likely non-terminating 
w.r.t. Sq and R, Algorithm 4.1 will not stop at line 1. It will proceed to fine 2 with 
an answer Yes returned. 
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Theorem 4.4 The following hold: 

1. If Algorithm 4-i returns Yes then P is terminating w.r.t. Sq and R. 

2. If P is not terminating w.r.t. Sq and R then Algorithm 4-1 will return a gen- 
eralized SLDNF-derivation D that meets the conditions of Definition 4-3. 

Proof: 1. By Theorem 4.3 Algorithm 4.1 returning Yes imphes P is not most-hkely 
non-terminating w.r.t. Sq and R. The result then follows from Theorem 4.2. 

2. By Theorem 4.2, when P is not terminating w.r.t. Sq and R, it is most-likely 
non-terminating w.r.t. Sq and R. So there exist generahzed SLDNF-derivations in 

some generalized SLDNF-trees GT^q. that meet the three conditions of Definition 
4.3. Obviously, the fist such derivation D will be captured at line 1 of Algorithm 4.1, 
which leads to an output D. 



4.3 Examples 

We use the following very representative examples to illustrate the efi^ectiveness of 
our method. In the sequel, we choose the smallest depth bound d — 2. 

Example 4.1 Applying Algorithm 4.1 to the logic program Pi of Example 2.1 with a 
query Qi — p{a) will return a generalized SLDNF-derivation D, which is the path from 
A^o to N4 in Figure 1. D is informative enough to suggest that Pi is not terminating 
w.r.t. Qi. 

Example 4.2 Applying Algorithm 4.1 to the logic program P2 of Example 2.2 with 
a query Qi = p will return an answer Yes. That is, P2 is terminating w.r.t. Qi. 
However, for the query Q2 — q applying Algorithm 4.1 will return the following 
generahzed SLDNF-derivation 

which strongly suggests that P2 is not terminating w.r.t. Q2. 

Example 4.3 Consider the following widely used program:^ 

P3: append{^,X,X). 

append{ [X\YlU,[X\Z]) ^ append{Y, U, Z) . Ca, 

Assume the following types of queries (borrowed from [12]): 

•^It represents a large class of well-known logic programs such as member, subset, merge, quick- 
sort, reverse, permutation, and so on. 
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Qi = append{[l,2],[3],L), 

Q2^appendi[l,2],[3],[M), 
Qs = append{Li, L2, [1, 2]), 

Q4 = append{Li, [1,2],L3), 

Q5 = append{Li,L2,L:i), 

Qe = append{[X\Yi[iY), 

Qr = appendi[X\Y],Y,[Z\Y]). 

The generalized SLDNF-trees GT^q-^, GT^q,^, and GT^q.^ are all finite and con- 
tain no expanded variants in any derivations. So Algorithm 4.1 will return Yes when 
executing Test(P3, {Qi, (52, Qa}, -R)- That is, P3 is terminating w.r.t. the first three 
types of queries. 

When evaluating Q^, Algorithm 4.1 will return a generalized SLDNF-derivation as 
shown in Figure 3 (a). Note that all selected subgoals in the derivation are variants. 
Similar derivations will be returned when applying Algorithm 4.1 to Q5 and Qq. 
Applying Algorithm 4.1 to Q-j will yield a generalized SLDNF-derivation as shown 
in Figure 3 (b). Note that the selected subgoal at node A^3 is an expanded variant 
of the subgoal at N2 that is an expanded variant of the subgoal at A^i. That is, 
append{Y2, [X^WX^lY^W.Y^) ^ev append{Yu [Xi\Yi],Y^) ^ev append{Y,Y,Y). 

It is clear that the derivations of Figures 3 (a) and (b) can be infinitely extended 
by repeatedly applying the clause Ca^, thus P3 is non-terminating w.r.t. the queries 
Q4 — Qi- 

No: ^ append{Lu [1, 2], L3) No: ^ append{[X\Y],Y, [Z\Y]) 

I C'02 I Ca2 

Ni : ^ append{Yi ,[1,2], Zi) Nv ^ append{Y, Y, Y) 

N2: ^ append{Y2, [1, 2], Z2) N2: ^ append{Yi, [Xi\Yi], Fi) 



Ny. ^ append{Y2, [Xi \ [Xa IF2]], Y2) 
(a) (b) 

Figure 3: Two generahzed SLDNF-derivations that satisfy the three conditions of 
Definition 4.3 



Example 4.4 The following program illustrates how a list of terms grows recursively 
through a DELETE-ADD-SHUFFLE process. 

P4 : p{[XuX2\Y]) ^ q{[X,,X2\Y],Z),reverse{Z,[],Z,),p{Z,). C^, 
g([Xi,X2|F],[X3,/(Xi,X2),X2|y]). C,, 
reverse{Z, [], Zi) <— Zi is the reversed list of Z. Crev 

Given a subgoal p{[Xi, X2\Y]), applying C^^, C^^, Crev successively will 
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DELETE Xi, thus yielding a list [X2IF], 

ADD X3 and /(Xi, X2), thus yielding a hst [X3, f{Xi, X2), XalF], and 

SHUFFLE the list [X3, /(Xi, X2), X2IF] by reversing its components. 

Note that the addition of X^ is independent of the original list [Xi,X2|F], but 
f{Xi,X2) is generated based on the hst. This means that given a query of the 
form p{[Ti, ...,Tm]), a new variable X and a function f{A{,A2) will be added each 
cycle {Cpj^,Cgj^,Crev} is applied, where the domain of A{ and is the closure of 
the function /(-,-) over {X,Ti, ...,T„i} (up to variable renaming). As an illustra- 
tion, consider an arbitrary query Qi = p{[a,b]). Applying Algorithm 4.1 to Qi will 
return a generalized SLDNF-dcrivation as shown in Figure 4, where for the selected 
subgoals L\2,Ll,Ll at nodes A^i2, Nq and No, we have -<anc L\ ^anc -^12) 
-^12 '^Ev L\ □ey Lq, and \L\2\ > \L\\ > |Lq|. We see the following terms added due 
to the repeated applications of {Cp^, Cg^, Crev}' 

FromATotoA^a Xi,f{a,b), 

ATgto ATg X2,fib,fia,b)), 

N.toN, X3,/(Xi,/(a,6)), 

ATgtoATis X,,f{X2,f{bJ{a,b))). 

Apparently, the generahzed SLDNF-derivation of Figure 4 can be infinitely ex- 
tended. Thus P4 is non-terminating w.r.t. Qi (and all queries of the form p([Ti, T^])). 

*No: -^^([0,6]) 
Ni: ^q{[a,b],Z), reverse{Z, [] , Zi ) , p(Zi ) 



N2: ^ reverse{[Xi,f{a, b),b],W, Zi),p{Zi) 

I Crev 

N3: ^pi[b,f{a,b),Xi]) 
N4: ^ q{[b, f{a, 6), Xi], Z2), reverse{Z2, [], ^3),p(^3) 
jVg: ^ reverse{[X2, f(b, f{a, b)), f{a, b), Xi], Q, Z3),p(^3) 

Crev 



*N6: ^ /(a, 6), f{b, f{a, &)), X2]) 

iVg: ^ p([X2, /(a, 6)), f{a, b), f{Xi,f{a, 6)), X3]) 

i Cpi 1 C'gj^ , Crev 

*iVi2: ^ p([X3, f{X,,f{a, b)),f{a, b),f{b, f{a, b)),f{X2, f{b, f{a, 6))), X4]) 

Figure 4: A generalized SLDNF-derivation for P4 U {<— Qi} 
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Example 4.5 ([1]) Consider the following well-known game program: 



win{X) ^ move{X,Y).-iwin{Y). C, 
move{a, b) <— for (a, h) & Q where Q is an acyclic finite graph. C, 



mi 



Assume the following two types of queries: 

Qi — win{a), 
Q2 = win{X). 

Since Q is an acyclic finite graph, no expanded variants occur in any generalized 
SLDNF-derivations. Therefore, Algorithm 4.1 will terminate for both Qi and Q2 with 
an answer Yes. That is, P5 is terminating w.r.t. {Qi, Q2}- 

Example 4.6 ([1]) The following general logic program is used to compute the tran- 
sitive closure of a graph. 



r(X, y, E, V) ^ memher{[X, Y\,E). C, 

r{X,Z,E,V) ^ member{[X,Y], E),^member{Y,V),r{Y, Z, E,[Y\V]). Q 

member {X, [X\T]). C, 

member{X, [Y\T]) <— member{X,T). C, 



n 
ri 
mi 



mi 



Queries over this program are of the form r(X, Y, e, \X\) where X, Y are nodes and e 
is a graph specified by a finite list of its edges denoted by \Node, Node\. Such a query 
is supposed to succeed when [X, Y\ is in the transitive closure of e. The last argument 
of r(X, Y. e, \X\) acts as an accumulator in which a list of nodes is maintained which 
should not be reused when looking for a path connecting X with y in e (to keep the 
search path acyclic). As an example, let e = {[[a, 6], [6, c], [c, a]]}. We consider the 
following three types of queries: 

Q\ = r{a,c,e, [a]), 
Q2 = r(a,r,e, [o]), 
g3 = r(X,r,e, [X]). 

The generalized SLDNF-trees GT^q-^, GT^q^, and GT^q^ are depicted in Figures 5, 
6 and 7, respectively. Since there is no expanded variant in any generalized SLDNF- 
derivations, Algorithm 4.1 will return Yes when executing Test{PQ, {Qi, Q2, Qs}, R)- 
That is, pQ is terminating w.r.t. these three types of queries. 

It is interesting to observe that for each of the above logic programs. Pi — Pq, 
it is terminating if and only if applying Algorithm 4.1 to it yields an answer Yes. 
In fact, this is true for all representative logic programs we have currently collected 
in the literature. However, due to the undecidability of the termination problem, it 
is unavoidable that there exist cases in which Algorithm 4.1 returns a generalized 
SLDNF-derivation D, but P is a terminating logic program. We have created such a 
rarely used program. 
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No: ^ r{a,c,e, [a]) 



a, Y],e), -imember{Y, [a]), r{Y, c, e, [Y, a]) 
Y = b 



Of Ni: member { 

N2: <— -imember{b,[a]),r{b,c,e,[b,a]) 



N3: ^ r{b,c,e, [b,a]) 



Yi=c 



Nr. ^ r{c,c,e, [c,b,a]) 



c, e), -imem6er(F2, [c, b, a]), r{Y2, c, e, [Y2, c, b, a]) 
Y2 = a 



Of N5: member { 

Nq: <— -imember{a, [c, 6, a]),r{a,c, e, [a, c, b, a]) 



Figure 5: GT^q, for Pg U Qi} 



No: ^r{a,Y,e,la]) 



Y = b 

□t Ni: member ( 



Cr2 

a, Yi], e), ^member {Yi, [a\), r{Yi, Y, e, [Yi,a\) 
Yi = b 



N2: <— -'member(b,[a]),r{b,Y,e,[b,a]) 



Y = c.-' 



Ns: ^r{b,Y,e,[b,a]) 



Y2=C 



N4: <- r(c,y,e, [c, 6,0]) 



ri 



Y = q 

Ot A^s: <— member { 



Cr2 

c, Is], e), -^member{Y3, [c, 6, a]), r(y3, e, [^3,0, 6, a]) 
^3 = a 



Nq: <— -imember{a, [c, b, a]),r{a, Y, e, [a, c, b, a]) 



Figure 6: GT^q, for Pg U Q2} 
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Cr 



No: ^r{X,Y,e,[X]) 



Terminating A''i: member { 
X = a,Yi=b , . . ■ ^"^^ 



Cr2 

X, Yi], e),^memher{Yu [X]),r{Yu Y, e, [Yi,X]) 
X = b,Yi=c ^^>- . 



X = c,Yi=a 



N2: ^ r{b, Y, e, [b, a]) N3: ^ r(c, Y, e, [c.b]) N4: ^ r{a, Y, e, [a, c]) 
i I I 

Terminating Terminating Terminating 

Figure 7: GT^q, for Pg U Q3} 



Example 4.7 Consider the following logic program and top goal, where the function 
size{Z) returns the number of elements in the list Z (e.g. size{[a, b]) = 2). 



P-j : p{[X\YlN) ^ size{[X\Y]) < N,p{[X, X\Y], N). 
Go: ^p([a],100). 



C, 



pi 



The generalized SLDNF-tree GTgq for P7 U {Go} is shown in Figure 8. It is 
easy to see that for any i > 0, the subgoal L^^^ at A''2*i is an ancestor subgoal of 
the subgoal -f'2*(j+i) ^2*(j+i)i while ij2*(i+i) expanded variant of L^^- with 

l-^2*(i+i)l > \^2*i\- is terminating w.r.t. the query p([a],100). However, applying 
Algorithm 4.1 (with d — 2) will return a generahzed SLDNF-derivation D that is the 
segment between Nq and in Figure 8. Apparently, in order for Algorithm 4.1 to 
return Yes the depth bound d should not be less than 100. 



iVi: 



size([a]) < 100, p( [0,0], 100) 



N2: ^p([a,a],100) 



A^s: ^ size{[a, a 



< 100, p( [a, a, a], 100) 



N4: <-p([a,o,o],100) 



iVigg: ^p([a^^],100) 

Cpi I lOOa'a 

iVigg: ^ size{[a,...,a]) < 100,p([a, o], 100) 



Figure 8: ^^^([^i.ioo) for F7 U p{[a], 100)} 
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5 Related Work 



Our work is related to both termination analysis and loop checking. 
5.1 Work on Termination Analysis 

Concerning termination analysis, we refer the reader to the survey of Decorte, De 
Schreye and Vandecasteele [12, 15] for a comprehensive bibliography. 

There are two essential differences between existing termination analysis tech- 
niques and ours. The first difference is that theirs are static approaches, whereas ours 
is a dynamic one. Static approaches only make use of the syntactic structure of the 
source code of a logic program to estabhsh some well-founded conditions/constraints 
that, when satisfied, yield a termination proof. Since non-termination is caused by an 
infinite generalized SLDNF-derivation, which contains some essential dynamic char- 
acteristics (such as expanded variants and the repeated application of some clauses) 
that are hard to capture in a static way, static approaches appear to be less precise 
than a dynamic one. For example, it is difficult to apply a static approach to prove 
the termination of program P2 in Example 2.2 with respect to a query pattern p. 
Moreover, although some static approaches (e.g., see [13, 30, 43, 45]) are automati- 
zable, searching for an appropriate level mapping or computing some inter argument 
relations could be very complex. For our approach, the major work is to identify 
expanded variants, which is easy to complete. 

The second difference is that existing methods are suitable for termination analysis 
with respect to query patterns, whereas ours is for termination analysis with respect 
to concrete queries. The advantage of using query patterns is that if a logic program 
P is shown to be terminating with respect to a query pattern Q, it is terminating 
with respect to all instances of Q that could be an infinite set of concrete queries. 
However, if P is shown to be not terminating with respect to Q, which usually means 
that P is terminating with respect to some instances of Q but is not with respect to 
the others, we cannot apply existing termination analysis methods to make such a 
further distinction. In contrast, our method can make termination analysis for each 
single concrete query posed by the user and provide explanations about how non- 
termination happens. This turns out to be very useful in real programming practices. 
Observe that in developing a software in any computer languages we always apply 
some typical cases (i.e. concrete parameters as inputs) to test for the correctness 
or termination of the underlying programs, with an assumption that if the software 
works well with these typical cases, it would work well with all cases of practical 
interests. 

From the above discussion, it is easy to see that our method plays a complemen- 
tary role with respect to existing termination analysis approaches (i.e. static versus 
dynamic and query patterns versus concrete queries). 
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5.2 Work on Loop Checking 



Loop checking is a run-time approach towards termination. It locates nodes at which 
SLD-derivations step into a loop and prunes them from SLD-trees. Informally, an 
SLD-derivation 

iVo : Go ^ iVi : Gi ^ ... ^ iV, : ^ ... ^ : ^ ... 

is said to step into a loop at a node Nk : Gk if there is a node iVj : Gj (0 < i < k) in 
the derivation such that Gj and Gk are sufficiently similar. Many mechanisms related 
to loop checking have been presented in the literature (e.g. see [3, 8, 11, 20, 27, 26, 
35, 36, 37, 40, 41, 44, 48]). We mention here a few representative ones. 

Bol, Apt and Klop [3] introduced the Equality check and the Subsumption check. 
These loop checks can detect loops of the form 

TVo : Go ^ iVi : Gi ^ ... ^ TV- : ^ ... ^ iV^ : G^ 

where either Gk is a variant or an instance of Gj (for the Equality check), i.e. Gk — 
Gi9 under a substitution 9, or Gj is included in G^ under a substitution 9 (for the 
Subsumption check), i.e. Gk 2 Gi9. However, they cannot handle infinite SLD- 
derivations of the form 

No : p{X) => TVi : p{f{X)) => ... => N, : p{f{...f{X)...)) => ... 

Sahlin [34, 35] introduced the OS-check (see also [4]). It determines infinite loops 
based on two parameters: a depth bound d and a size function size. Informally, 
OS-check says that an SLD-derivation may go into an infinite loop if it generates an 
oversized subgoal. A subgoal A is said to be oversized if it has d ancestor subgoals 
in the SLD-derivation that have the same predicate symbol as A and whose size is 
smaller than or equal to A. 

Bruynooghe, De schreye and Martens [8, 26, 27] presented a framework for partial 
deduction with finite unfolding that, when applied to loop checking, is very similar to 
OS-check. That is, it mainly relies on term sizes of (selected) subgoals and a depth 
bound. See [4, 26] for a detailed comparison of these works. 

OS-check (similarly the method of Bruynooghe, De schreye and Martens) is com- 
plete in the sense that it cuts all infinite loops. However, because it merely takes 
the number of repeated predicate symbols and the size of subgoals as its decision 
parameters, without referring to the informative internal structure of the subgoals, 
the underlying decision is fairly unreliable; i.e. many non-loop derivations may be 
pruned unless the depth bound d is set sufficiently large. 

Using expanded variants, in [37] we proposed a series of loop checks, called VAF- 
checks (for Variant ^toms loop checks for logic programs with Functions). These loop 
checks are complete and much more reliable than OS-check. However, they cannot 
deal with infinite recursions through negation like that in Figure 1. 

The work of the current paper can partly be viewed as an extension of [37] 
from identifying infinite SLD-derivations to identifying infinite generalized SLDNF- 
derivations. It is worth noting that termination analysis is merely concerned with the 
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characterization and identification of infinite derivations, but loop checking is also 
concerned about how to prune infinite derivations. The latter work heavily relies 
on the semantics of a logic program, especially when an infinite recursion through 
negation occurs. Bol [4] discussed loop checking for locally stratified logic programs 
under the perfect model semantics [33]. 

6 Conclusions 

We have presented a method of verifying termination of general logic programs with 
respect to concrete queries. A necessary and sufficient condition is established and 
an algorithm for automatic testing is developed. Unlike existing termination analysis 
approaches, our method does not need to search for a model or a level mapping, nor 
does it need to compute an intcrargumcnt relation based on additional mode or type 
information. Instead, it detects infinite derivations by directly evaluating the set of 
queries of interest. As a result, some key dynamic features of a logic program can be 
extracted and employed to predict its termination. Such idea partly comes from loop 
checking. Therefore, the work of this paper bridges termination analysis with loop 
checking, the two problems which have been studied separately in the past despite 
their close technical relation with each other. 

It is worth mentioning that the practical purpose of termination analysis is to assist 
users to write terminating programs. Our method exactly serves for this purpose. 
When Algorithm 4.1 outputs Yes, the logic program is terminating; otherwise it 
provides users with a generalized SLDNF-derivation of the form as shown in Figures 
3 or 4. Such a derivation may most likely lead to an infinite derivation, thus users 
can improve their programs following the informative guidance. (In this sense, our 
method is quite like a spelling mechanism used in a word processing system, which 
always indicates most likely incorrect spellings.) 

Due to the undecidability of the termination problem, there exist cases in which 
a logic program is terminating but Algorithm 4.1 would not say Yes unless the depth 
bound d is set sufficiently large (see Example 4.7). Although d — 2 works well for 
a vast majority of logic programs (see Examples 4.1 - 4.6), how to choose the depth 
bound in a general case then presents an interesting open problem. 

Tabled logic programming is receiving increasing attention in the community of 
logic programming (e.g. see [5, 10, 38, 39, 42, 48, 49]). Verbaetcn, De Schreye and K. 
Sagonas [47] recently exploited termination proofs for positive logic programs with 
tabling. For future research, we are going to extend the work of the current paper to 
deal with general logic programs with tabling. 
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